Smart cards are commonly used in a wide range of applications for the purpose of authority check, payment, satellite TV, data storage, etc. As an example the health insurance and banking industries use smart cards extensively. A smart card usually resembles a credit card in size and shape, but typically contains an embedded microprocessor inside. A terminal with a card reader communicates with the microprocessor which controls access to the data on the card. Smart cards may e.g. be used with a smart card reader attached to or located in a personal computer to authenticate a user, etc. Smart card readers can also be found in mobile phones for SIM reading and vending machines.
For a private and/or in-home terminal with a smart card reading capability, such as a set top box (STB), integrated digital television (IDTV), Digital TVs, home gateways, access systems, GSMs, Internet audio sets, car systems, etc. the possibilities to spy on the electronic communication between a smart card and/or a secure access card and the terminal is much greater than in a public automated teller machine (ATM) or similar semi-public/public terminals e.g. used for/in connection with e-commerce. This enables attack on the smart card that is not possible with conventional smart card applications in public and/or semi-public terminals, due to the operation in a private sphere.
A financial and service industry consortium Finread in Europe is attempting to standardize a form of e-commerce terminals used in public ATM and personal computers (PCs), and also for future STBs. IDTV and similar home terminals. Up until now, the consortium has focused on expensive tamper detection and tamper resistant constructions for home e-commerce terminals. Embedded Finread is a part of the Finread consortium examining the issues of low-cost terminals for e-commerce such as IDTV, Jave terminals and STBs. The cost of tamper resistant and other counter measures normally adopted for dedicated terminals (i.e. ATMs) are considered to complex and/or expensive for the low cost home terminals.
A variety of smart cards/secure access cards exist, some with no sophisticated processing power, typically memory only cards. Other cards, typically so-called multi-application/multi-function cards, comprise more advanced properties and functions typically providing secure authentication of the user/owner of the card e.g. in relation to gaining access to equipment, accounts, functions, transfer of money, e-commerce applications, etc.
Such cards have on-card dynamic data processing capabilities and allocate card memory into independent sections assigned to a specific function and/or application.
The multi-application/multi-function smart card is distributed by one issuer but allows two or more applications/functions to be resident on the smart card. Typically, advanced 32-bit processor cards are used for this purpose.
A Java smart card is a smart card with a Java Virtual Machine (JVM) that allows applications to enter and reside on the card. In this way, a Java smart card is a first step towards multi-application smart cards.
As mentioned traditional smart cards only run one process, while a Java smart card have the capability to run multiple processes on the card, which is an enhancement of the smart card protection capability that allows the smart card not only to perform secured transaction, but also to monitor itself and the presence of an attack.
A device typically designated a sub-terminal is a device which includes some features of a terminal, i.e. user input, display, storage and a remote connection to the Internet, or a broadcast channel, but not all. Thus a terminal is complete, and examples are e.g. IDTV, STB or GSM (or similar cellular systems like 3G, UMTS, GPRS, etc.), but a sub-terminal is incomplete. In this way, a sub-terminal is a low-cost version of a terminal that provides some but not all the functionality of a terminal. One example of a sub-terminal is e.g. a TV remote control. The sub-terminal may e.g. also be the conditional access module (typically denoted POD (point of deployment) in the US) of the conditional access system implemented in a STB and/or a TV. The conditional access module is a DVB based term derived from the Common Interface concept for DVB terminals.
Most system can be attacked successfully by a sufficiently resourced attacking entity. It is however necessary to provide sufficient defense (protection and/or detection) against a reasonably resourced security attack or at least provide counter measures that are sufficient to make a single form of attack no more successfully than others. It is also desirable to enable this in an inexpensive way.
A fake terminal can be used to gain access to an unwary user's pin-code or other application information of the card, which is hard to defend against, and would require other protection/detection schemes than provided by the present invention.
However, a typical security attack on genuine terminals/sub-terminals is to use a smart card emulating the function of a valid card and/or use a modified smart card, e.g. modified in order to gain access to otherwise restricted services, functions, etc in a terminal.
Patent specification U.S. Pat. No. 5,416,423 discloses a method of verifying the integrity of a smart card by detecting the capacitance of wires connecting the card. However, this specific verifying method requires that electrical wires are connected to the card in order to gain information regarding whether a smart card simulating an external circuit is coupled thereto. Further, it is known to design and program a smart card, which for an ordinary card reading terminal may be functionally indistinguishable from an authorized card. The terminal according to the above-mentioned patent specification is not able to detect a smart card emulating another smart card, i.e. when no external circuit is attached thereto with wires.